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When analyzing 
or 

troubleshooting 
the operation of a 
wireless LAN, 
youll likely be 
using an 802.1 1 
packet analyzer 
(e.g., AijpE££k or 
S niffer Wireless ! 
to monitor the 
communications 
between radio 
network interface 
cards (NICs) and 
access points. 
After capturing 
the packets, you 
need to 

understand the 
different 802.11 
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The article lays out the considerations for preparing art 
enterprise WL/VN. Documenting user application and bandwidth 
requirements, choosing the appropriate technology and 
products, and completing a comprehensive site survey prior to 
installation will help you deploy a wireless network that meets or 
exceeds your company's and your users 1 — greatest 
expectations- included are a site survey checklist and sample of 
an "outside In" site survey method. Rfigig&rJO download* 

Wireless LAN Security lit D epth 

This paper frames the WLAN implementation within the context 
of the overall security design. SAFE represents a system-based 
approach to security and VPN design. This type of approach 
focuses on overall design goals and translates those goals into 
specific configurations and topologies, in the context of wireless, 
Cisco recommends that you also consider network design 
elements such as mobility and quality of service (QoS) when 
deeding on an overall wlaN design. ^gjsJter_tp._dpw„n.ioad* 
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802. Ug is an exciting new technology that offers additional 
performance, white providing investment protection for 802*1 lb 
clients through backward compatibility. By using previous 
technologies and economies of scale, 802- Hg devices are 
available at little or no additional cost relative to 802.11b, As 
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frame types as a 
basis for 

deciphering what 
the network is or 
isnt doing. In this 
tutorial, IU give 
you an overview 
of the mote 
common 802.11 
frames to help 
you become more 
adept at 

comprehending 
the operation of a 
wireless LAN 
and solving 
network 
problems, 

General frame 
concepts 
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explore how K> use radio managernent-a feature of theSDB 
Structured wireless-Aware Network (SWAN)--to *>as»y art 
effectively deploy, operate, and manage a secure wireless^ 
network. In this audlocast, hear the experts discuss howafeStes 
LAN (WUVN) radio management can help you better de teflt 
malicious or employee ro$ ue access points, detect interior, 
perform site surveys, and manage daily WLAN operations. 
R aster to download. 
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The 802.11 
standard defines 
various frame 
types thai stations 
(NICs and access 
points) use for 
communications, 

as well as managing and controlling the wireless link. Every frame has a 
control field that depicts the 802.11 protocol version, frame type, and 
various indicators, such as whether WEP is on, power management is 
active, and so on. In addition all frames contain MAC addresses of the 
source and destination station (and access point), a frame sequence number, 
frame body and frame check sequence (for error detection). 

802. 1 1 data frames carry protocols and data from higher layers within the 
frame body. A data frame, for example, could be carrying the HTML code 
from a Web page (complete with TCP/IP headers) that the user is viewing. 
Other frames that stations use for management and control carry specific 
information regarding the wireless J ink in the frame body. For example, a 
beacon's frame body contains the $ervice set identifier (SSID), timestamp, 
and other pertinent information regarding the access poinL 

Note: For more details regarding 802.1 1 frame structure and usage, refer to 
the 802. 1 1 standard, which is free for download from the 8C&i.l^Q!*ilig 
proyrjWcj) site. 

Management Frames 
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802.11 management frames enable stations to establish and maintaa 
communications. The following arc common 802.1 1 management s 
subtypes: 



• Authentication frame: 802.11 authentication is a process vt&a&y 
the access point either accepts or rejects the identity of a radinK. 
The NIC begins the process by sending an authentication fra«. 
containing its identity to the access point. With open system 
authentication (the default), the radio NIC sends only one 
authentication frame, and the access point responds with an 
authentication frame as a response indicating acceptance (or 
rejection). With the optional shared key authentication, the rafioJfTC 
sends an initial authentication frame, and the access point regis* 
with an authentication frame containing challenge (ext. Theafa 
NIC must send an encrypted version of the challenge text (uaoRfc 
WEP key) in an authentication frame back to the access pouftHe 
access point ensures that the radio NIC has the correct WEP iqr 
(which is the basis for authentication) by seeing whether the 
challenge text recovered after decryption is the same that wasnl 
previously. Based on the results of this comparison, the acceopoint 
replies to the radio NIC with an authentication frame signifyagfoe 
result of authentication. 

• Deauthentkation frame: A station sends a deauthenticationframe 
to another station if it wishes to terminate secure conununicaaoas. 

• Association request frame: S02.ll association enables the aeccss 
point to allocate resources for and synchronize with a radio NIC. A 
NIC begins the association process by sending an associalionrequest 
to an access point This frame carries information about the NIC 
(c,g., supported data rates) and the SSID of the network it wishes to 
associate with. After receiving the association request, the access 
point considers associating with the NIC, and (if accepted) reserves 
memory space and establishes an association ID for the NIC. 

• Association response frame; An access point sends an association 
response frame containing an acceptance or rejection notice to the 
radio NIC requesting association. If die access point accepts Ihe radio 
NIC, the frame includes information regarding the association, such 
as association ID and supported data rates. If the outcome of the 
association i$ positive, the radio NIC can utilize the access point to 
communicate with other NIC$ on the network and systems on the 
distribution (i.e., Ethernet) side of the access point 

• Reassociation request frame: If a radio NIC roams away from the 
currently associated access point and finds another access point 
having a stronger beacon signal, the radio NIC will send a 
reassociation frame to the new access point. The new access point 
then coordinates the forwarding of data frames that may still be in 
the buffer of the previous access point waiting for transmission to the 
radio NIC. 
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• Reassociation response frame: An access point scuds a 
reassociation response frame containing an acceptance or rejacfion 
notice to the radio NIC requesting reassociation. Similar to the 
association process, the frame includes information regaolingths 
association, such as association ID and supported data rates. 

• Disassociation frarue: A station sends a dissociation fr£:mcto 
another station if it wishes to terminate the association. For example, 
a radio NIC that is shut down gracefully can send a disassociarion 
frame to alert the access point that the NIC is powering off. The 
access point can then relinquish memory allocations and remove the 
radio NIC from the association tabic. 

• Beacon frame; The access point periodically sends a beacon frame 
to announce its presence and relay information, such as timestamp, 
SSID, and other parameters regarding the access point to radio NICs 
that are within range. Radio HICs continually scan all 802.11 radio 
channels and listen to beacons as the basis for choosing which access 
point is best to associate with. 

• Probe request frame: A station sends a prohc request frame when it 
needs to obtain information from another station. For example, a 
radio NIC would send a probe request to determine which access 
points are within range. 

• Probe response frame; A station will respond with a probe response 
frame, containing capability information, supported data rates, etc., 
when after it receives a probe request frame. 

Control Frames 

B02.ll control frames assist in the delivery of data frames between stations. 
The following are common 802.11 control frame subtypes; 

. Request to Send (RTS) frame: The RTS/CTS function is optional 
and reduces frame collisions present when hidden stations have 
associations with the same access point. A station sends a RTS frame 
to another station as the first phase of a two-way handshake 
necessary before sending a data frame. 

• Clear to Send (CTS) frame: A station responds to a RTS with a 
CTS frame, providing clearance for the requesting station to send a 
data frame. The CTS includes a time value diat causes all other 
stations (including hidden stations) to hold off transmission of frames 
for a time period necessary for the requesting station to send its 
frame. This minimizes collisions among hidden stations, which can 
result in higher throughput if you implement it properly, 

• Acknowledgement (ACK) frame: After receiving a data frame, the 
receiving station will utilize an error checking processes to detect the 
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presence of errors. The receiving station will send an ACK finwwfc 
the sending station if no errors are found. If the sending statinu 
doesn't receive an ACK after a period of time, the sending sus&m 
will retransmit the frame. 

Data Frames 

Of course the main purpose of having a wireless LAN is to transpoa**- 
802.1 1 defines a data frame type that carries packets from higher laps*, 
such as web pages, printer control data, etc., within the body of thcta- 
When viewing 802.1 1 data frames with a packet analyser, you can 
generally observe the contents of the frame body to sec what packefifel 
the 802.1 1 data frames are transporting. 

Jim Geier provides independent consultin g services to companies 
developing and deploying wireless network solutions. He is the auA&rtf 
the book, Wircfess LANs (SAMs> 2001), and regularly instructs wQ^ops 
on wireless LANs. Join Jim for discussions as fie answers questions in&e 
S02.ll Planet Forum s. 
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